DETAILED ACTION
Response to Arguments 

1. Applicant's arguments with respect to presently pending claims 1-7, 10-17, and 20-30, 
filed on 08/15/2006 have been fully considered but they are not persuasive. The examiner would 
like to point out that this action is made final (MPEP 706.07a). 

2. The rejection for claims 5 and 14 under 112 lack of antecedent basis is withdrawn.

3. The Applicant's first argument concerns requiring a withdrawal for 112 first rejection
because applicant fails to see why the claims of the present application are rejected based on the 
disclosure in Applicant's detailed description wherein "the user who uses "Anonymous" is 
permitted to use only commands other than the commands for file transmission to an external 
network" as recited in pages 2-3 of the Remark. The examiner respectfully disagrees with the
Applicant's contentions. The office has provided multiple Office Actions to reject the 
Applicant's broad claims limitations because Applicant has amended and changed the limitations 
multiple times. Each amendment must comply with the specification and must not cause a 
112 issue. The Examiner clearly understands applicant's limitations and has never been confused.
But when claims are not clear enough and cause 112 issues, the claims will never be 
patentable. 

The examiner rejected the claim limitation based on the specification wherein "the user who uses 
"Anonymous" is permitted to use only commands other than the commands for file transmission 
to an external network" because the limitation has to be rejected in light of specification. The 
examiner clearly understood the explanations given on page 3 lines 9-16 and page 4 lines 3-10 of
the Remark during examination. However, the claims limitations must be clearly claimed with 
no contradicting ideas. The limitations as rejected under 112 in the last office action are not clear
and have conflicting ideas. The user being "Anonymous" .... and permitting access to the 
user, and the user being "Anonymous" ... and denying/interrupting access to the user is a 
conflicting/contradiction idea (please refer to the last 112 rejection). And appropriate 
correction is required. Therefore, the 112 rejection for claims 1, 5, 14, and all dependent claims
are maintained. 

The Applicant's argument concerns Stockwell et al. reference failure to disclose, "the FTP proxy
determines whether or not an ID transmitted from an internal user of the internal network is a
registered ID" as recited in claims 1, 5, 14, and 23. The examiner respectfully disagrees with the
Applicant's contentions and would like to draw the Applicant's attention to col. 3 lines 18-30 
wherein Stockwell discloses regulating the flow of internetwork connections through a firewall 
having a network protocol stack which includes an IP layer. A determination is made of the 
parameters characteristic of a connection request, including a netelement parameter characteristic 
of where the connection request came from. A query is generated and a determination is made 
whether there is a rule corresponding to that query. If there is a rule corresponding to the query, a 
determination is made whether authentication is required by the rule. If authentication is required 
by the rule, an authentication protocol is activated and the connection is activated if the 
authentication protocol is completed successfully. Col. 4 lines 21-37 of Stockwell et al. discloses 
A firewall/gateway which can be used to regulate the flow of internetwork connections from an 
internal to an external network, review message traffic, message content, provide authentication,
and identification services, and access control auditing. Col. 7 lines 10-col. 8 lines 25 of 
Stockwell et al. discloses a query list contains all of the relevant information needed to make the 
ACL check. Requests from the internal users to external are checked and determined based on 
registered user identification. 

As per Applicant's arguments concerning Stockwell et al. failure to teach wherein "access 
control is not performed if the ID transmitted from the internal user is "anonymous" such that the 
internal user is permitted to connect to a server located in the external network without access 
control" as recited in claims 1, 5, 14 and 23. The examiner respectfully disagrees with the 
Applicant's contentions and would like to refer to col. 12 lines 23-44 wherein Stockwell 
discloses allowing access to "anonymous" FTP. Moreover, the applicant's arguments regarding 
"any client in the internal security domain can access any FTP server in the external domain" is 
different from "access control not being performed if the ID transmitted is "anonymous" 
allowing a user to connect to the external network. 

As per Applicant's arguments concerning Stockwell et al. failure to teach checking an ID of the 
internal user if the received service command is a command requesting data transmission, if the 
user is "anonymous" interrupting the transmission of the received service command to the 
external network, and if the user ID is a registered ID other than "anonymous" transmitting the
received command to the external network and transmitting the data received from the internal 
user to the external network" as recited in claims 1, 5, 14 and 23. The examiner respectfully 
disagrees with the Applicant's contentions and would like to refer to col. 4 lines 29-55 and col. 9
lines 16-31 and 34-39 wherein the firewall proxy is a request access authenticator and the ACL 
of the firewall proxy is checked when user access request is received and if the user is not a 
registered/known user the request is denied and if the request is in the list, access is allowed and 
message content is transmitted. 

Claim Rejections - 35 USC § 112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to
enable any person skilled in the art to which it pertains, or with which it is most nearly 
connected, to make and use the same and shall set forth the best mode contemplated by 
the inventor of carrying out his invention. 

5. Claims 1, 5, 14 and all dependent claims to claims 1, 5, and 14 are rejected under 35
U.S.C. 112, first paragraph, as failing to comply with the enablement requirement. The claim(s)
contains subject matter which was not described in the specification in such a way as to enable 
one skilled in the art to which it pertains, or with which it is most nearly connected, to make 
and/or use the invention. Applicant on claim 1 lines 15-lines 17 claims "wherein access control 
is not performed if the ID transmitted from the internal user is "Anonymous," such that the
internal user is permitted to a service located in the external network without access control to
connect to a server located in the external network without access control, ..." and on lines 21-
24 of the same claim "... if the user ID is "Anonymous," interrupting the transmission of the
received service command to the external network; and if the user ID is a registered ID
other than "Anonymous," transmitting the received service command to the external network
and transmitting the data received from the internal user to the external network, ..."
Applicant is claiming two conflicting ideas of limitations. It is not clear what applicant is
trying to claim. It is either there must be different types of request that applicant is trying to 
claim or a different kind of access control method, or a different invention that is not clearly 
disclosed in the Applicant's disclosure. If the invention is based on different kinds of request (in 
light of the specification), then applicant is required to clearly disclose the types of requests in
the claims. For example, request comprising connection request to external network and data 
transmission request to external network, 

if the request is connection request to the external network and user is "Anonymous" 
then performing no (no second/no further) access control but/and allowing a connection (just 
physical connection) to the external network, and 

if the request is a data transfer request and user is "Anonymous" then performing an 
access control authentication on the user based on user ID and allowing or denying requested file 
transmission services based on authentication result. ... 

Applicant discloses, in the specification par. 38, "if the client of the internal network tries 
to connect to the FTP proxy to request FTP service from the FTP server 17/external network..."
par. 40 "... if the user ID is "Anonymous," the FTP proxy is permitted to connect to the FTP
server without any particular access control operation. Thus physical connection between the
client and FTP server of the external network is established..." and on par. 46 "... if the received
command is for transmitting files to the external network, the FTP proxy determines whether the 
user ID is "Anonymous" the FTP proxy prevents the command from being transmitted to the 
FTP server 17. If the user ID is "Anonymous" in the internal network, connection is permitted 
without any access control operation. . . . "the user who uses "Anonymous" is permitted to use 
only commands other than the commands for file transmission to an external network".

Examiner rejects the claims based on the highlighted idea above, i.e. request comprising
connecting and transmitting file/data to external network, if the request is for just connection, no 
need to perform access control, if request is to transmit file/data performing access control. 
Claims 5 and 14 are also rejected based on the same rationale as claim 1. It is not clear what the
applicant is intended to say. Appropriate correction is required in response to this Office Action 
to avoid abandonment. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 1-7, 10-17, and 20-30 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Stockwell et al. USPN 5,950,195 in view of Williams USPN 6,304,973 B1.

Regarding claims 1, 14, and 23, Stockwell et al. teaches a protective device for internal 
resource protection in a network (fig. 4), comprising: 

a firewall (fig. 1 element 14, and 18: TCP, Ethernet) between an internal network
(fig. 1 element 26) and an external network (fig. 1 element 22), to selectively perform a
disconnection function for an access request to the external network from the internal
network (col. 4 lines 28-42 and fig. 4 element 110; terminator firewall);
a FTP proxy (fig. 2 element 50; FTP proxy) to perform an authentication function for an
access request from the internal network to the external network (col. 4 lines 43-55, col. 5 
lines 17-35; FTP proxy with ACL for service and/or connection requests to/from the 
network), 

wherein the FTP proxy determines whether or not an ID transmitted from an 
internal user of the internal network is a registered ID (col. 7 lines 45-col. 8 lines 29; 
FTP proxy determining user accesses based on predefined internal users ID), 

wherein access control is not performed if the ID transmitted from the
internal user is "Anonymous," such that the internal user is permitted to connect to a server
located in the external network without access control (col. 12 lines 23-44; allowing 
anonymous FTP), 

wherein transmitting the data comprises: 

checking an ID of the internal user if the received service command is a command 
requesting data transmission (col. 9 lines 16-29); 

if the user ID is "Anonymous," interrupting the transmission of the received 
service command to the external network (col. 9 lines 26-31 and fig. 4 elements 112, 114, and 
110); and 

if the user ID is a registered ID other than "Anonymous," transmitting the 
received service command to the external network and transmitting the data received from 
the internal user to the external network (col. 9 lines 34-39 and fig. 4 elements 112, 114,
and 104), 

wherein the file system stores data according to a type of the data (col. 5 
lines 53-60), and

wherein the type of data is at least one of ASCII, EBCDIC, and 
Image (col. 5 lines 53-col. 6 lines 59). 

Stockwell et al. fails to explicitly disclose: 

to record log information related to the transmission of data by an authenticated 
user; and 

a database to store log information related to the transmission of data according to the 
control of the FTP proxy. 

However Williams discloses a system of firewall security to provide internal 
resource protection from internal user instead of the well known firewall protection of 
internal resource from external users (col. 3 lines 5-15) in using multi-level security 
network and security level (col. 5 lines 3-67):

to record log information related to the transmission of data by an authenticated 
user (col. 18 lines 20-58); 

a database to store log information related to the transmission of data according to the 
control of the FTP proxy (col. 18 lines 20-58). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to employ the teachings of Williams within the system of 
Stockwell et al. because they are analogous in network security. One would have been 
motivated to incorporate the idea of Williams because it would allow the network 
administrator to control every user activities performed in the network by using the well- 
known teachings of logging activity information. 
Williams discloses a database to record log information on the FTP proxy as
disclosed above. Williams does not explicitly disclose storing the transmitted data however 
it is obvious to include a file system to store data transmitted from the internal network to 
the external network, at the time of invention, according to the control of the FTP proxy 
because it would provide identification of data transmitted for security. 

Regarding claim 5, it has similar limitations as claim 1 above. And it has been rejected 
based on the same rationale as claim 1. And Williams teaches the additional limitations of
claim 5 wherein 

if the received service command is a command designating a type of data, storing the 
designated type of data in a file system (col. 8 lines 22-67). 

Regarding claim 2, Williams discloses the device of claim 1, further comprising a proxy 
monitor configured to display the log information outputted from the FTP proxy (col. 18 
lines 11-58). 

Regarding claim 3, Stockwell et al. further discloses the device of claim 1, wherein a client 
connects to a FTP server of the external network through the FTP proxy (col. 4 lines 21- 
55). 

Regarding claims 4 and 13, Williams teaches the device of claim 1, wherein the log information 
comprises a file name and absolute path of the file data to be stored in the FTP server, and a file 
name and absolute path of the file data logged on the FTP proxy (col. 17 lines 66-col. 18 lines
58).

Regarding claim 6, Stockwell et al. teaches the method of claim 5, wherein determining 
whether the access request is permitted further comprises: 

controlling access by determining whether a host that has transmitted the access
request is a registered host or not, if the ID of the internal user is a registered ID (col. 9 lines 10-57).

Regarding claims 7, 15, and 27, Stockwell et al. teaches the method of claim 6, wherein 
controlling the access comprises: 

determining whether the ID transmitted from the internal user is a registered 
ID (col. 9 lines 10-57); 

if the ID is registered, reading host information corresponding to the 
registered ID from the database (col. 9 lines 34-39); 

determining whether the host information read from the database and the host who 
has transmitted the access request are identical (col. 9 lines 10-57); and 

permitting access to the external network if the two hosts are identical (fig. 4
element 104).

Regarding claims 10, 16, and 28, the combination teach the method of claim 5 recording the 
transmission and reception of services comprises: 
receiving file data to be transmitted from the internal user to the external network (Fig. 2
element 50, and Stockwell et al. col. 8 lines 39-col. 9 lines 40);

identifying the file data according to its data type to store the file data in the file 
system (Stockwell et al. col. 8 lines 39-col. 9 lines 40 and Fig. 2 element 50); and 

recording log information on the transmission of file data in a database (Williams col. 18 
lines 11-67). 

Regarding claim 11, Williams teaches the method of claim 10, wherein the filed data can be 
identified by the user as a designated data type or can be identified as a default data type (col. 10
lines 56-65). 

Regarding claim 12, Williams teaches the method of claim 10 wherein the log information is 
recorded in the database when all data to be transmitted from the internal user to the external
network is transmitted (col. 18 lines 11-27).

Regarding claims 17 and 29, Williams teaches the method of claim 16, wherein the log 
information comprises a user ID for performing file data transmission, a source IP address 
of the client being used by the internal user, a destination IP address of the FTP server that 
receives the file data, a date and time of file data transmission, a file name and absolute 
path of the file data to be stored in the FTP server, and a file name and absolute path of the
file data logged on the FTP proxy (col. 18 lines 11-59). 
Regarding claim 20, Stockwell et al. teaches the device of claim 1, further comprising a client,
coupled to the firewall and to the FTP proxy, to request FTP service from the external 
network if the FTP proxy successfully authenticates the client (col. 4 lines 23-55 and col 5 
lines 7-47 and fig. 2; performing access control check on the user connected to firewall and 
FTP proxy). 

Regarding claims 21, 22, and 30, Williams teaches the method of claim 10, further 
comprising outputting the log information in a form recognizable to a system operator 
(col. 18 lines 20-28; log file). 

Regarding claim 24, Stockwell et al. and Williams disclose all the subject matter as described 
above. Williams further discloses the method of claim 23, wherein storing the copy 
comprises storing the copy of the transmitted data (see claim 1 above) and the log 
information in the database of a file system (col. 18 lines 20-28; log file). 

Regarding claim 25, Stockwell et al. teaches the method of claim 24, wherein the file system 
stores data based on a type of the data (col 5 lines 53-col 6 lines 59; FTP proxy storing 
files to be transmitted.). 

Regarding claim 26, Stockwell et al. teaches the method of claim 25, wherein the type of data 
comprises one of the group of ASCII, EBCDIC and Image (col. 5 lines 53-col. 6 lines 59).
Conclusion

8. The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure. BorderWare Firewall Server 5.0, and BorderWare Firewall Version 5.0, disclose the
well known FTP proxy authentication for accesses requested from the internal user to external
user and Log file.

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272-3867. 
The examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 